Re: [RFC PATCH 2/2] kexec, KEYS: Make use of platform keyring for signature verify

2019-01-15 Thread nayna
On 2019-01-14 21:42, Dave Young wrote: On 01/14/19 at 11:10am, Mimi Zohar wrote: On Sun, 2019-01-13 at 09:39 +0800, Dave Young wrote: > Hi, > > On 01/11/19 at 11:13am, Mimi Zohar wrote: > > On Fri, 2019-01-11 at 21:43 +0800, Dave Young wrote: > > [snip] > > > > > Personally I would like to see

Re: [RFC PATCH 2/2] kexec, KEYS: Make use of platform keyring for signature verify

2019-01-14 Thread Kairui Song
On Tue, Jan 15, 2019 at 10:42 AM Dave Young wrote: > > On 01/14/19 at 11:10am, Mimi Zohar wrote: > > On Sun, 2019-01-13 at 09:39 +0800, Dave Young wrote: > > > Hi, > > > > > > On 01/11/19 at 11:13am, Mimi Zohar wrote: > > > > On Fri, 2019-01-11 at 21:43 +0800, Dave Young wrote: > > > > [snip] > >

Re: [RFC PATCH 2/2] kexec, KEYS: Make use of platform keyring for signature verify

2019-01-14 Thread Dave Young
On 01/14/19 at 11:10am, Mimi Zohar wrote: > On Sun, 2019-01-13 at 09:39 +0800, Dave Young wrote: > > Hi, > > > > On 01/11/19 at 11:13am, Mimi Zohar wrote: > > > On Fri, 2019-01-11 at 21:43 +0800, Dave Young wrote: > > > [snip] > > > > > > > Personally I would like to see platform key separated

Re: [RFC PATCH 2/2] kexec, KEYS: Make use of platform keyring for signature verify

2019-01-14 Thread Mimi Zohar
On Sun, 2019-01-13 at 09:39 +0800, Dave Young wrote: > Hi, > > On 01/11/19 at 11:13am, Mimi Zohar wrote: > > On Fri, 2019-01-11 at 21:43 +0800, Dave Young wrote: > > [snip] > > > > > Personally I would like to see platform key separated from integrity. > > > But for the kexec_file part I think

Re: [RFC PATCH 2/2] kexec, KEYS: Make use of platform keyring for signature verify

2019-01-13 Thread Kairui Song
Hi, Mimi, Dave I checked the previous patches: https://www.spinics.net/lists/keyrings/msg03518.html https://www.spinics.net/lists/keyrings/msg03517.html https://www.spinics.net/lists/keyrings/msg03516.html Those are the latest patches I could find that placed the platform keyring in certs/ However

Re: [RFC PATCH 2/2] kexec, KEYS: Make use of platform keyring for signature verify

2019-01-12 Thread Dave Young
Hi, On 01/11/19 at 11:13am, Mimi Zohar wrote: > On Fri, 2019-01-11 at 21:43 +0800, Dave Young wrote: > [snip] > > > Personally I would like to see platform key separated from integrity. > > But for the kexec_file part I think it is good at least it works with > > this fix. > > > > Acked-by:

Re: [RFC PATCH 2/2] kexec, KEYS: Make use of platform keyring for signature verify

2019-01-11 Thread Mimi Zohar
On Fri, 2019-01-11 at 21:43 +0800, Dave Young wrote: [snip] > Personally I would like to see platform key separated from integrity. > But for the kexec_file part I think it is good at least it works with > this fix. > > Acked-by: Dave Young The original "platform" keyring patches that Nayna

Re: [RFC PATCH 2/2] kexec, KEYS: Make use of platform keyring for signature verify

2019-01-11 Thread Dave Young
On 01/10/19 at 12:48am, Kairui Song wrote: > kexec_file_load will need to verify the kernel signed with third party > keys, and the keys could be stored in firmware, then got loaded into > the .platform keyring. Now we have a .platform_trusted_keyring > as the reference to .platform keyring, this

[RFC PATCH 2/2] kexec, KEYS: Make use of platform keyring for signature verify

2019-01-09 Thread Kairui Song
kexec_file_load will need to verify the kernel signed with third party keys, and the keys could be stored in firmware, then got loaded into the .platform keyring. Now we have a .platform_trusted_keyring as the reference to .platform keyring, this patch makes use of it and allows kexec_file_load to